Not sure what has happened to my PC. Hope you can help. The desktop is black. Can't use System Restore... when I go to Start... All Programs... and click on one... it says (empty). Complete mayhem. Ran Adaware... it would only quarantine various trojans... Spybot... managed to clear some stuff, but 2 coupon HKEY things remain. Something is very wrong. Also, when I ran HijackThis, I get the following message: For some reason your system denied access to the Hosts file. I am enclosing my HijackThis log, and sincerely hope you can help...

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.

Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.

Hi Padmeister

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

Click Start, and type Create a restore point into the Search programs and files box.

Now click on the Create a restore point icon at the top of the find list.

This will open a System Properties box, with the System Protection tab open ...

Click on the Create button in the lower part of the window.

Type Pre Malware Cleanup into the description box, then click Create.

Windows will now create a Restore Point and notify you when finished.

Exit any open windows.

Please observe these rules while we work:

Perform all actions in the order given.

If you don't know, stop and ask! Don't keep going on.

Please reply to this thread. Do not start a new topic.

Stick with it till you're given the all clear.

Remember, absence of symptoms does not mean the infection is all gone.

Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.

Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Quote:

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Before we start to clean your computer of infection we need to see if we can restore your programs ....

When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip

Now click on Report to open the log file created by TDSSKiller in your root directory C:\

Post the contents in your next reply please.

DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:

OTL.txt

Extras.txt

TDSSKiller log

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

_________________
Gary R
Administrator at Malware Removal University

Error - 10/13/2011 10:17:34 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:17:41 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:17:53 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:17:55 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:17:58 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:18:12 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:29:42 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/13/2011 10:29:42 PM | Computer Name = PaddyLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

Select the option YES, I accept the Terms of Use then click on:

When prompted, allow the Add-On/ActiveX to install.

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Now click on:

The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.

When completed the Online Scan will begin automatically.

Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt

Copy and paste that log in your next reply please.

Now click on: (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:

OTL log

SystemLook.txt

E-Set log

Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

_________________
Gary R
Administrator at Malware Removal University

If you have not yet run the scan then please do so and post me the log when finished.

If you have already run the e-set scan and just forgotten to post it, then please post it.

I'm probably going to be unavailable for the rest of the night, so it will likely be tomorrow morning (my time GMT -1) before I get to look at it.

_________________
Gary R
Administrator at Malware Removal University

If you want to train to be a helper, we run a training course at my home forum (Malware Removal). If you click on the link in my signature below, it will take you to the Home Page, where you will find a link to the University Application. You'll have to be a registered member to see the University page.

_________________
Gary R
Administrator at Malware Removal University